Documentation ¶
Index ¶
- type Accessor
- func (d *Accessor) GetCertificate(serial, aki string) (crs []certdb.CertificateRecord, err error)
- func (d *Accessor) GetOCSP(serial, aki string) (ors []certdb.OCSPRecord, err error)
- func (d *Accessor) GetRevokedAndUnexpiredCertificates() (crs []certdb.CertificateRecord, err error)
- func (d *Accessor) GetRevokedAndUnexpiredCertificatesByLabel(label string) (crs []certdb.CertificateRecord, err error)
- func (d *Accessor) GetRevokedAndUnexpiredCertificatesByLabelSelectColumns(label string) (crs []certdb.CertificateRecord, err error)
- func (d *Accessor) GetUnexpiredCertificates() (crs []certdb.CertificateRecord, err error)
- func (d *Accessor) GetUnexpiredCertificatesByLabel(labels []string) (crs []certdb.CertificateRecord, err error)
- func (d *Accessor) GetUnexpiredOCSPs() (ors []certdb.OCSPRecord, err error)
- func (d *Accessor) InsertCertificate(cr certdb.CertificateRecord) error
- func (d *Accessor) InsertOCSP(rr certdb.OCSPRecord) error
- func (d *Accessor) RevokeCertificate(serial, aki string, reasonCode int) error
- func (d *Accessor) SetDB(db *sqlx.DB)
- func (d *Accessor) UpdateOCSP(serial, aki, body string, expiry time.Time) error
- func (d *Accessor) UpsertOCSP(serial, aki, body string, expiry time.Time) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Accessor ¶
type Accessor struct {
// contains filtered or unexported fields
}
Accessor implements certdb.Accessor interface.
func (*Accessor) GetCertificate ¶
func (d *Accessor) GetCertificate(serial, aki string) (crs []certdb.CertificateRecord, err error)
GetCertificate gets a certdb.CertificateRecord indexed by serial.
func (*Accessor) GetOCSP ¶
func (d *Accessor) GetOCSP(serial, aki string) (ors []certdb.OCSPRecord, err error)
GetOCSP retrieves a certdb.OCSPRecord from db by serial.
func (*Accessor) GetRevokedAndUnexpiredCertificates ¶
func (d *Accessor) GetRevokedAndUnexpiredCertificates() (crs []certdb.CertificateRecord, err error)
GetRevokedAndUnexpiredCertificates gets all revoked and unexpired certificate from db (for CRLs).
func (*Accessor) GetRevokedAndUnexpiredCertificatesByLabel ¶
func (d *Accessor) GetRevokedAndUnexpiredCertificatesByLabel(label string) (crs []certdb.CertificateRecord, err error)
GetRevokedAndUnexpiredCertificatesByLabel gets all revoked and unexpired certificate from db (for CRLs) with specified ca_label.
func (*Accessor) GetRevokedAndUnexpiredCertificatesByLabelSelectColumns ¶ added in v1.6.1
func (d *Accessor) GetRevokedAndUnexpiredCertificatesByLabelSelectColumns(label string) (crs []certdb.CertificateRecord, err error)
GetRevokedAndUnexpiredCertificatesSelectColumnsByLabel gets serial_number and revoed_at from all revoked and unexpired certificate from db (for CRLs) with specified ca_label.
func (*Accessor) GetUnexpiredCertificates ¶
func (d *Accessor) GetUnexpiredCertificates() (crs []certdb.CertificateRecord, err error)
GetUnexpiredCertificates gets all unexpired certificate from db.
func (*Accessor) GetUnexpiredCertificatesByLabel ¶ added in v1.6.3
func (d *Accessor) GetUnexpiredCertificatesByLabel(labels []string) (crs []certdb.CertificateRecord, err error)
GetUnexpiredCertificatesByLabel gets all unexpired certificate from db that have the provided label.
func (*Accessor) GetUnexpiredOCSPs ¶
func (d *Accessor) GetUnexpiredOCSPs() (ors []certdb.OCSPRecord, err error)
GetUnexpiredOCSPs retrieves all unexpired certdb.OCSPRecord from db.
func (*Accessor) InsertCertificate ¶
func (d *Accessor) InsertCertificate(cr certdb.CertificateRecord) error
InsertCertificate puts a certdb.CertificateRecord into db.
func (*Accessor) InsertOCSP ¶
func (d *Accessor) InsertOCSP(rr certdb.OCSPRecord) error
InsertOCSP puts a new certdb.OCSPRecord into the db.
func (*Accessor) RevokeCertificate ¶
RevokeCertificate updates a certificate with a given serial number and marks it revoked.
func (*Accessor) UpdateOCSP ¶
UpdateOCSP updates a ocsp response record with a given serial number.
func (*Accessor) UpsertOCSP ¶
UpsertOCSP update a ocsp response record with a given serial number, or insert the record if it doesn't yet exist in the db Implementation note: We didn't implement 'upsert' with SQL statement and we lost race condition prevention provided by underlying DBMS. Reasoning: 1. it's difficult to support multiple DBMS backends in the same time, the SQL syntax differs from one to another. 2. we don't need a strict simultaneous consistency between OCSP and certificate status. It's OK that a OCSP response still shows 'good' while the corresponding certificate is being revoked seconds ago, as long as the OCSP response catches up to be eventually consistent (within hours to days). Write race condition between OCSP writers on OCSP table is not a problem, since we don't have write race condition on Certificate table and OCSP writers should periodically use Certificate table to update OCSP table to catch up.